CLAIM AMENDMENTS

Claim Amendment Summary
Claims pending 

• At time of the Action: Claims 1-35. 

• After this Response: Claims 1-15 and 18-35.
Canceled or Withdrawn claims: 16 and 17. 
Amended claims: 18, 19, and 29. 

New claims: none. 

Claims: 

1. (ORIGINAL) A method for accommodating a legacy 
application, the method comprising: 

obtaining a request for a high-level credential from a legacy
application;

marshalling the requested credential; 

returning the marshaled credential to the application. 

2. (Original) A method as recited in claim 1 further 
comprising, after the obtaining, seeking the requested credential in a 
database of credentials. 
3. (Original) A method as recited in claim 1, wherein a high-level
credential is a credential selected from a group composed of X.509
Certificates and bio-metrics.

4. (ORIGINAL) A method as recited in claim 1, wherein the 
marshaled credentials appear to be a conventional username/password pair 
to the legacy application.

5. (ORIGINAL) A method as recited in claim 1, wherein
marshalling comprises:

obtaining the requested high-level credential; 

pickling the requested high-level credential to generate a low-level 
credential that represents the requested high-level credential while 
appearing to be a conventional username/password pair to the legacy 
application. 

6. (ORIGINAL) A method as recited in claim 1, wherein the 
legacy application never has access to the high-level credential. 

7. (ORIGINAL) A computer-readable medium having computer- 
executable instructions that, when executed by a computer, perform a 
method as recited in claim 1.

8. (ORIGINAL) In a computing environment where processes
have a provision for low-level credentials but have no provision for high- 
level credentials, a method for accommodating such processes comprising: 

obtaining a request for a credential from a process, wherein the 
requested credential is a high-level credential; 

retrieving the requested credential from a database; 

converting the requested high-level credential into a format
approximating a low-level credential and representative of the requested
high-level credential;

returning the converted credential to the process. 

9. (Original) A method as recited in claim 8, wherein a high- 
level credential is a credential selected from a group composed of X.509 
Certificates and bio-metrics. 

10. (Original) A method as recited in claim 8, wherein the 
converted credentials appear to be a conventional username/password pair
to the process. 

11. (ORIGINAL) A method as recited in claim 8, wherein the 
process never has access to the high-level credential. 

12. (ORIGINAL) A computer-readable medium having
computer-executable instructions that, when executed by a computer, perform a
method as recited in claim 8.

13. (ORIGINAL) A method for authenticating a user to a 
network, the method comprising: 

obtaining a request for a credential to authenticate the user to access
a resource within the network, wherein the resource requires an appropriate 
credential before the user may access the resource; 

locating the appropriate credential; 

returning the appropriate credential to the resource within the 
network, so that the resource allows the user to access such resource; 

wherein the obtaining, locating, and returning are performed without 
user interaction so that the user need not be aware that such steps are being 
performed. 

14. (Original) A method as recited in claim 13 further 
comprising repeating the obtaining, locating, and returning for a different 
network that is authenticated using a different credential. 

15. (Original) A computer-readable medium having computer- 
executable instructions that, when executed by a computer, perform a 
method as recited in claim 13. 

16. (CANCELED)

17. (CANCELED)

18. (CURRENTLY AMENDED) A credential
management architecture, comprising:

a trusted computing base (TCB) that has full access to persisted 
credentials, the TCB being configured to interact with an untrusted
computing layer (UTCL) that accesses the persisted credentials via the
TCB; 

the TCB comprises: 

a credential management module configured to receive 
requests from the UTCL for a high-level credential for a resource, 
the high-level credential being associated with a user;

a credential database associated with the user, wherein 
credentials are persisted within the database; 

the credential management module being configured to 
retrieve credentials from the database. 

19. (CURRENTLY AMENDED) An architecture as recited 
in claim 18, wherein credential management module is further configured 
to marshal a requested high-level credential and return the marshaled
credential to the UTCL. 

20. (ORIGINAL) An architecture as recited in claim 18, wherein
the marshaled credentials appear to be a conventional username/password
pair to the UTCL.

21. (Original) A computer-readable medium having computer- 
executable instructions that, when executed by a computer, employ an 
architecture as recited in claim 18. 

22. (ORIGINAL) An operating system embodied on a computer- 
readable medium having computer-executable instructions that, when 
executed by a computer, employ an architecture as recited in claim 18.

23. (ORIGINAL) An apparatus comprising: 
a processor; 

a marshaler executable on the processor to: 
obtain a high-level credential; 

convert the high-level credential to generate a representation 
of the high-level credential that is formatted as a low-level credential 
so that it appears to be a conventional username/password pair. 

24. (ORIGINAL) A low-level-credential-application
accommodation system comprising:

a request obtainer configured to obtain a request for a high-level 
credential from a low-level-credential-application; 

a credential retriever configured to retrieve the requested credential 
from a database of credentials; 

a marshaller configured to marshal the requested credential and 
return the marshaled credential to the low-level-credential-application. 

25. (Original) A system as recited in claim 24, wherein a high- 
level credential is a credential selected from a group composed of X.509 
Certificates and bio-metrics. 

26. (ORIGINAL) A system as recited in claim 24, wherein the 
marshaled credentials appear to be a conventional username/password pair 
to the legacy application. 

27. (ORIGINAL) A system as recited in claim 24, wherein 
marshaller is further configured to convert the requested high-level
credential to generate a low-level credential that represents the requested 
high-level credential while appearing to be a conventional 
username/password pair to the low-level-credential-application. 

28. (ORIGINAL) A system as recited in claim 24, wherein the
legacy application never has access to the high-level credential. 

29. (CURRENTLY AMENDED) A system for 
authenticating a user to a network, the system comprising: 

a request obtainer configured to obtain a request for a high-level
credential to authenticate the user to access a resource within the network,
wherein the resource requires an appropriate credential before the user may
access the resource;

a credential retriever configured to retrieve the appropriate high-level
credential from a database of credentials;

a marshaller configured to generate a representation of the
credential that is formatted as a low-level credential so that it
appears to be a conventional username/password pair;

a credential returner configured to return the appropriate marshaled 
credential to the resource within the network, so that the resource allows 
the user to access such resource; 

wherein the obtainer, retriever, marshaller, and returner are further
configured to operate without user interaction. 

30. (ORIGINAL) An operating system comprising a system as
recited in claim 29. 

31. (ORIGINAL) A network environment comprising a system as
recited in claim 29.

32. (ORIGINAL) An application programming interface (API)
method comprising:

receiving a CredUI-promptfor-credentials call having a set of 
parameters comprising a TargetName, Context, AuthFlags, and Flags; 

parsing the call to retrieve the parameters to determine a specified
resource;

obtaining a credential; 

associating the credential with the specified resource;

persisting the credential into a database while maintaining the
credential's association with the specified resource.

33. (ORIGINAL) A method as recited in claim 32, wherein the set 
of parameters further comprises an indicator of a data structure containing 
customized information to display in conjunction with a user interface. 

34. (ORIGINAL) An application programming interface (API)
method comprising:

receiving a CredUI-promptfor-credentials call having a set of 
parameters comprising a TargetName, UserName, Password, and Flags; 

parsing the call to retrieve the parameters to determine a requesting 
application; 

obtaining a low-level credential from a user, wherein such credential
includes a username and a password; 

returning the low-level credential to the requesting application. 

35. (ORIGINAL) A method as recited in claim 34, wherein the set 
of parameters further comprises an indicator of a data structure containing 
customized information to display in conjunction with a user interface. 